<?php
class Session 
{
    private $db = '';
    public $_session;
    
    public function __construct($db)
    {
        $this->db = $db;
    }
    
	function check()
	{
		if(isset($_SESSION['iduser']) && isset($_SESSION['identifiant']) && isset($_SESSION['session_id']) && isset($_SESSION['token']))
        {
            # Verification session dans la base
            $this->db->sql_query("SELECT id FROM immo_user_session_admin WHERE id = '". $_SESSION['session_id'] ."' AND token = '". $_SESSION['token'] ."' AND uid = '". $_SESSION['iduser'] ."' AND ip = '". base64_encode($_SERVER['REMOTE_ADDR']) ."'");
            if($this->db->nb_resultat == 1)
            {
                $QueryArray = array(
                'last_used' => time(),
                'page'  =>  get_currentpage());
                $this->db->sql_query(CreateQueryUpdate($QueryArray, 'immo_user_session_admin', " id = '". $_SESSION['session_id'] ."' AND token = '". $_SESSION['token'] ."' AND uid = '". $_SESSION['iduser'] ."' AND ip = '". base64_encode($_SERVER['REMOTE_ADDR']) ."'"));
                $this->push_session_var($_SESSION);
                return true;
            }
            else
            {
                Session::delete_session_for_user($_SESSION['iduser']);
                session_destroy();
				return false;
            }
        }
		else
			return false;
	}	
	
    private function push_session_var($array_var)
    {
        foreach($array_var as $key => $value)
        {
            $this->_session['' . $key . ''] = $value;
        }
    }
    
	function create($Utilisateur)
	{
        global $db;
        #Suppression de $_SESSION['n'] si existe
        if(isset($_SESSION['iduser'])) unset($_SESSION['iduser']);
        if(isset($_SESSION['identifiant'])) unset($_SESSION['identifiant']);
        if(isset($_SESSION['token'])) unset($_SESSION['token']);
        if(isset($_SESSION['session_id'])) unset($_SESSION['session_id']);
        #Suppression de la base des sessions utilisateur si existe
        Session::delete_session_for_user($Utilisateur->id);
        #Creation var de session
        $_SESSION['iduser'] = $Utilisateur->id;
        $_SESSION['identifiant'] = $Utilisateur->identifiant;
        $_SESSION['token'] = md5(uniqid(rand(), true));
        $_SESSION['session_id'] = md5(uniqid(rand(), true));
        #Enregistrement dans la base
        $QueryArray = array(
        'id'    =>  $_SESSION['session_id'],
        'token' =>  $_SESSION['token'],
        'uid'   =>  $Utilisateur->id,
        'date_create'   =>  time(),
        'last_used' =>  time(),
        'ip'    =>  base64_encode($_SERVER['REMOTE_ADDR']),
        'page'  =>  get_currentpage());
        $db->sql_query(CreateQueryInsert($QueryArray, 'immo_user_session_admin'));
		
		if(Session::is_admin($Utilisateur->id))	$_SESSION['administrateur'] = 'yes';
		else $_SESSION['administrateur'] = 'no';
	}
	
	function check_admin()
	{
		if($_SESSION['administrateur'] == 'yes')
			return true;
		else
			return false;
	}
    
    function csrf_check($redirect = false)
    {
        if($_SESSION['token'] == $_POST['token'])
            return true;
        else
        {
            if($redirect == true)
                redirect('logout.php?csrf');
            else
                return false;  
        }            

    }
    
    function csrf_check_get($redirect = false)
    {
        if($this->_session['token'] == $_GET['token'])
            return true;
        else
        {
            if($redirect == true)
                redirect('logout.php?csrf');
            else
                return false;  
        } 
    }
    
    function delete_session_for_user($user_id)
	{
		global $db;
        if($this->_session['iduser'] != '')
		  $db->sql_query("DELETE FROM immo_user_session_admin WHERE uid = '". $this->_session['iduser'] ."'");
	}
	
	function delete_session_time()
	{
		global $db;
		# Suppression des sessions de plus de 60min inactive
        $t = time() - 3600;
		$db->sql_query("DELETE FROM immo_user_session_admin WHERE last_used < '". $t ."'");
	}
    
    function is_admin($uid)
    {
        global $db;
        if($_SESSION['iduser'] == 1) return true;
        else
        {
            $db->sql_query("SELECT * FROM immo_groupe_user_link WHERE uid = '". $uid ."' AND gid = '1'");
            if($db->nb_resultat == 1) return true;
            else return false;
        }
    }
}
?>